Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-06

D.Rogers@gmx.net Wed, 15 April 2015 16:03 UTC

MIME-Version: 1.0
Message-ID: <trinity-2739ed2a-59ce-446a-a746-cb4391a3bc88-1429113787632@3capp-gmx-bs26>
From: D.Rogers@gmx.net
To: Luke Howard <lukeh@padl.com>
Content-Type: text/html; charset="UTF-8"
Date: Wed, 15 Apr 2015 18:03:07 +0200
Importance: normal
Sensitivity: Normal
In-Reply-To: <46448841-4ABE-4176-88B1-94C2B26583C4@padl.com>
References: <alpine.GSO.1.10.1503301227280.22210@multics.mit.edu> <551D6C35.4080108@mit.edu> <alpine.GSO.1.10.1504081626110.22210@multics.mit.edu> <5525B044.8070509@mit.edu> <CAC2=hnfbLoRAQLwDQhL7pVYMS8kqfc1rAA6Ha1np1h1WnhT5aw@mail.gmail.com> <55271546.6020505@mit.edu> <597E759F-7941-4619-BCE0-DF604221EBB5@padl.com> <trinity-4f1ce1f7-6610-4a7e-aca8-c3205d929e2e-1429091657571@3capp-gmx-bs24>, <46448841-4ABE-4176-88B1-94C2B26583C4@padl.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/y0jMAPMedmVOfGC73x_gMpByB3A>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-06
Precedence: list

Hi Luke,

quite right, i should have sensed a trap when you wrote you are "not a crytographer" :-)

I would not presume to correct anyone, just that this a big topic, and attempting to generalise always leaves room for further comment.

The SHA-2 family has six members, falling into two architectural groups, meaning that SHA 512 truncated to 256 can be thought of as a version of SHA-512, this cannot be said for SHA-256.

But as you say, this may be going off at a tangent as HMAC is not suseptible to length extension attacks anway.

Dean

Gesendet: Mittwoch, 15. April 2015 um 17:13 Uhr
Von: "Luke Howard" <lukeh@padl.com>
An: D.Rogers@gmx.net
Cc: "Greg Hudson" <ghudson@MIT.EDU>, "kitten@ietf.org" <kitten@ietf.org>, "mjjenki@tycho.ncsc.mil" <mjjenki@tycho.ncsc.mil>
Betreff: Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-06

On 15 Apr 2015, at 7:54 pm, D.Rogers@gmx.net" target="_parent" rel="nofollow">D.Rogers@gmx.net wrote:

Starting from a larger set and truncating to the same end result does improve security, it may reduce it.

My understanding is that as long as the hash function has strong diffusion this is not a problem. The different SHA-2 variants are all truncated versions of SHA-512 (with different initial values). Also, not relevant here (because HMAC is used) but truncating hashes can actually improve security by avoiding length extension attacks.

Feel free to correct me as I’m not a cryptographer, I don’t even play one on TV… :)

— Luke

Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
[kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-s… Benjamin Kaduk
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Greg Hudson
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Greg Hudson
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Jeffrey Altman
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Michael Jenkins
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Jeffrey Altman
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Greg Hudson
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Weijun Wang
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Greg Hudson
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Luke Howard
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Viktor Dukhovni
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… D.Rogers
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Luke Howard
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Viktor Dukhovni
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… D.Rogers
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Nico Williams
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Nico Williams
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Nico Williams
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Nico Williams
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Nico Williams
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Michael Peck
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Viktor Dukhovni
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Greg Hudson
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Nico Williams
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Nico Williams
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Jeffrey Altman
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Michael Peck
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Greg Hudson
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Jeffrey Altman
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Michael Jenkins
Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Jeffrey Altman